Google has three months to make changes or risk a fine of up to 150,000 euros ($201,100) and a second of 300,000 euros if it still fails to comply with the French Data Protection Act.
Last year, Google consolidated 60 privacy policies into one covering YouTube, Gmail and Google+ with no opt-out choice for users. Already wary, National European data protection regulators gave Google until February to propose changes—which it did not—resulting in the latest edict.
Britain, Germany, Italy, the Netherlands and Spain are following France’s lead. "By the end of July, all the authorities within the (EU data protection) task force will have taken coercive action against Google," said CNIL President Isabelle Falque-Pierrotin, Reuters reports.
The specific breach of French law “prevents individuals from knowing how their personal data may be used and from controlling such use,” said CNIL in a statement. The use of personal data has come under an increasingly harsh light since the US NSA's surveillance program PRISM was exposed by whistleblower Edward Snowden. The operation, which implicated Google, Yahoo, AOL, Skype, Apple and other large tech brands has caused international concern.
"There is a mass of personal information floating about on people in the Google galaxy that people are not even aware of," said Falque-Pierrotin. "All we are saying to Google is that we would like it to lift the veil a little on what it's doing."
Google has previously faced inquiries over its street view technology, which was accused of collecting other extraneous data over Wi-Fi networks as it passed through cities. As for France, the threat of a fine may not be enough to motivate Google to change its ways. “The two fines combined remains small change to Google," notes Zdnet. "France's two fines alone would take the company less than 15 minutes to regenerate in revenue."
Earlier this week, Sweden’s data protection agency ruled to disallow an agreement between the small municipality of Salem and Google for use of cloud services—like Google Apps—in public. Failing to reach an agreement, the Swedish regulator instituted a ban which challenges Google’s “one size fits all” policy and calls for greater specificity, transparency, and sensitivity to cultural nuance.
Add to that growing concerns over Google Glass as officials in Australia, New Zealand, Canada, Mexico, Israel and Switzerland sent CEO Larry Page a letter with eight questions about Google Glass compliance with data protection laws and what the company is doing about “the broader social and ethical issues raised by such a product, for example, the surreptitious collection of information about other individuals.”
The final question in the letter asks: “Would Google be willing to demonstrate the device to our offices and allow any interested data protection authorities to test it?”
“While up to now Google’s usual response has been along the lines of hey, this is new tech we’ve got here, we don’t even know how it’s going to turn out so let’s see where it goes,” notes Digital Trends, “it may well be time for Larry to take a set of his AR specs along to some meetings with concerned parties, together with some soothing words to allay privacy fears.”